Set NoAuthRequired on boot level 0 key Since no authentication is used for this key (only the MaxUserPerBoot tag) the NoAuthRequired tag must be present. Some buggy KM implementations don't require this. Bug: 176450483 Test: keystore2_test Test: boot Crosshatch device and check logs Change-Id: Id12c0752938d746a9f6fbedbeb42fefd6049c20c

commit: eb964cfad31167752814d67f7e62a916aedb4480 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Mon Apr 19 18:14:15 2021 -0700
committer: Paul Crowley <paulcrowley@google.com> Mon Apr 19 18:14:58 2021 -0700
tree: cf5b5fd2fc6e86375ab7125226aa68603d81c299
parent: b6489cbdcee1c57adf20c45c06c5496cfcef20f5 [diff] [blame]
diff --git a/keystore2/src/boot_level_keys.rs b/keystore2/src/boot_level_keys.rs
index 3d33a26..dd69ed7 100644
--- a/keystore2/src/boot_level_keys.rs
+++ b/keystore2/src/boot_level_keys.rs

@@ -224,6 +224,7 @@
         KeyParameterValue::KeySize(256).into(),
         KeyParameterValue::MinMacLength(256).into(),
         KeyParameterValue::KeyPurpose(KeyPurpose::SIGN).into(),
+        KeyParameterValue::NoAuthRequired.into(),
         KeyParameterValue::MaxUsesPerBoot(1).into(),
     ];
     // We use TRUSTED_ENVIRONMENT here because it is the authority on when
commit	eb964cfad31167752814d67f7e62a916aedb4480	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Mon Apr 19 18:14:15 2021 -0700
committer	Paul Crowley <paulcrowley@google.com>	Mon Apr 19 18:14:58 2021 -0700
tree	cf5b5fd2fc6e86375ab7125226aa68603d81c299
parent	b6489cbdcee1c57adf20c45c06c5496cfcef20f5 [diff] [blame]